Each terminal ($T_i$) must be provided with keys. If the system comprises many terminals ($T_i$) each terminal must have a large memory capacity therefor. According to the invention, the terminals are combined in groups ($A_1$, $A_2$) optionally groups of such groups ($B_1$) being formed. By assigning, in each group, keys (g, s) to the terminals belonging to the group (G, S) the quantity of keys to be stored in each terminal can be significantly reduced.

"System for storing and distributing keys for cryptographically protected communication."



The invention relates to a system for storing and distributing keys for cryptographically protected communication, the system comprising a plurality of terminals which are interconnectable, each terminal comprising a transmitter, a receiver, an enciphering and a deciphering arrangement and a memory arrangement storing the keys for enciphering the clear data to be transmitted by the terminal and deciphering the enciphered data to be received by the terminal.

Such a system is generally known. 

In a network having N terminals there are $\binom{N}{2} = \tfrac{1}{2} N (N-1)$ possible communication links between two terminals if it is assumed that the communication direction is not of significance. By storing in each terminal (N-1) keys a connection can be established to any other terminal, which connection is protected by a unique key. The key material for the overall network of N terminals can be represented as an $N \times N$ key matrix. A key matrix is a square matrix each element of which represents an enciphering or a deciphering key. The matrix has no elements on the main diagonal (communication of the terminal with itself is non-existent) and is symmetrical (the same key is used for communication between terminal i and terminal j and for the communication between j and i). By storing in each terminal the (N-1) keys shown in the relevant column (or the row) of the key matrix, each terminal (for example $T_i$) can safely communicate with any other terminal (for example $T_j$) via their common key (terminal $T_i$ utilizes key $k_{ij}$, terminal $T_j$ utilizes key $k_{ji}$, which keys are identical since the key matrix is symmetrical). This method, although simple, is not attractive if the number of terminals in the network is large, as the required storage capacity S in each terminal for storing the (N-1) keys amounts to $(N-1) \cdot L$ bits, L being the length of the key in bits. If N has a value of 10 000 and the key length L is 150 bits, then each terminal must have a storage capacity S of 1.5 Mbits.

The invention has for its object to provide a system of the type defined in the opening paragraph, in which terminals having a limited storage capacity for storing enciphering and deciphering keys are sufficient. To accomplish this, according to the invention the system described in the opening paragraph is characterized in that the terminals are classified in a hierarchy of groups, this hierarchy having $l$ levels ($l \geq 2$), that the first, highest level ($l = 1$) is formed by upper groups of $n_{l=1}$ terminals each, that a unique upper group key matrix is associated with each upper group and that in the memory arrangement of the $i^{th}$ terminal ($i = 1, 2, \ldots n_1$) of an upper group the $i^{th}$ column and the $i^{th}$ row of the upper group key matrix are stored, that the lowest level ($l = l_{max}$) is formed by a plurality of sub-groups each having $n_l$ terminals, that a unique lower group key matrix is associated with each lower group and that the $j^{th}$ row and the $j^{th}$ column of the relevant lower group key matrix are stored in the storage arrangement of the $j^{th}$ terminal ($j = 1, 2, \ldots n_{l_{max}}$), that (if $l > 2$) one or a plurality of intermediate levels are arranged between said highest and lowest levels, the intermediate levels each comprising a plurality of intermediate groups each having $n_l$ terminals, the intermediate groups having been obtained by dividing the groups present in the next higher level, that a unique intermediate group key matrix is associated with each intermediate group and that in the memory arrangement of the $k^{th}$ terminal of each intermediate group the $k^{th}$ column and the $k^{th}$ row of the relevant intermediate group key matrix are stored, that each terminal includes means for determining a conversation key for secret communication with any other terminal of the rows and columns of key elements stored in the memory arrangement of the terminal, this conversation key being formed from the key elements both terminals have in common and the conversation key containing a key element from the key matrix of each level.

The system according to the invention has the advantage that the required storage capacity can be reduced in a terminal depending on the number of (intermediate) levels, by a factor of 10 to 100 in those cases in which the number of terminals belonging to the network is large (for example more than 1000).

It is advantageous if the number of upper groups amounts to 2, the number of terminals per sub-group also amounts to 2 and that if $l > 2$, the number of intermediate groups associated with the intermediate group next higher in hierarchy also amounts to 2. In this case the number of keys to be stored must be at a minimum.

An embodiment of the invention will now be described in greater detail by way of example with reference to the accompanying drawings. Therein

Fig. 1 is a schematic representation of a prior art crypto-communication system;

Fig. 2 is a schematic representation of a first crypto-communication system embodying the invention;

Fig. 3 is an alternative representation of the system of Fig. 2; and

Fig. 4 is a schematic illustration of a second crypto-communication system embodying the invention.

Fig. 1a shows a prior art communication system which, by way of example, is formed by four terminals A, B, C and D. Each terminal is connectable to any of the other terminals. The key matrix associated with this network is illustrated in Fig. 1b and comprises a square symmetrical 4 × 4 matrix formed from the elements $k_{ij}$, wherein i = a, b, c, d and j = a, b, c, d. The main diagonal of the matrix is stored as a result of which terminal B, for example, can utilize the column of key elements $k_{ab}$, $k_{bc}$, $k_{bd}$. The key matrix has a total of 6 different keys and each terminal contains 3 different keys from this total number of keys. If terminals B and C want to communicate they inform each other thereof. Thereafter terminal B selects from the key material it has at its disposal the (sole) key it has in common with terminal C, i.e. $k_{bc}$. Terminal C does the same and automatically selects the same key as terminal B. Although this system is cryptographically safe (even if all the keys of terminal A and/or D are known to an unauthorized communication participant the latter is not capable of overhearing the connection BC), the required key storage capacity of each terminal memory is rather high, as in a system consisting of N terminals $\binom{N}{2} = \tfrac{1}{2} N (N-1)$ connection possibilities can be distinguished and for each terminal (N-1) different keys of the total of $\tfrac{1}{2} N (N-1)$ different keys must be stored. If N is large, for example 10 000, then this requires a memory storage capacity in each terminal of 1.5 Mbits if a key contains 150 bits.

The system according to the invention has for its object to reduce the required storage capacity. Fig. 2 shows such a system. The system comprises groups of terminals $G_1$, $G_2$, $G_3$ and $G_4$, each group containing a plurality of terminals. Group Gj, for example, includes terminals $S_1$, $S_2$, $S_3$ and $S_4$, which terminals are interconnectable. The groups $G_1$, $G_2$, $G_3$ and $G_4$ are also interconnectable. It is proposed to arrange the system so that there is an association both between terminals within a group, having a certain key matrix (the S matrix in Fig. 2b), and also between the groups themselves (the G matrix in Fig. 2b). The sizes of the S and G matrices are determined by the number of terminals per group or the number of groups in the system, as the case may be. Although in Fig. 2 a size of 4 has been chosen for both matrices, this is in no way essential to the invention. The network may be divided into any number of groups and each group may comprise any number of terminals, whilst there is no need at all for the number of groups to be equal to the number of terminals per group.



The method of effecting a protected connection will now be described partly with reference to Fig. 3. To that end, Fig. 3a illustrates the drawing of Fig. 2a in a different way, showing the hierarchy between terminals and groups. At the highest level ($l = 1$) the groups $G_1 \ldots G_4$ are shown. Each group "heads" four terminals, for example $T_1$, $T_2$, $T_3$ and $T_4$, which are arranged at a second level ($l = 2$). In each terminal the following key material is stored:

(a) the row and the column of the key matrix G of the group to which the terminal belongs. So, for example, all the terminals in Group G, are provided with keys g,,, g^. g^,, g*,. g,„ g„ and g**.

(b) the row and the column of the key matrix S associated with the terminal. So, for example, T, (Fig. 3a) of group G, comprises in addition to the keys obtained because of (a) the keys Sa. Sa. Sa, s«3. s,,. Sb and Sm.

To protect the path between, for example, terminals T. and Ta these terminals utilize a combination of the keys which they have in common in both the S and the G matrices, i.e. as can be seen from Fig. 2b, Sa. g,4. This combination may, for example, be what is commonly referred to as a "one-way function". Such a function has the property that it is easy to determine the function k in accordance with $k = f(S_1, S_2 \ldots S_p)$ but that it is very difficult (substantially impossible) to determine the elements $S_1, S_2 \ldots S_p$ from k. This example, and a few further examples, are illustrated in Fig. 3b.

If the required storage capacity is compared, then it is found that in the example of Figs. 2/3 in which only 16 terminals are included in a network, the reduction in memory storage capacity is extremely marginal: in the prior art system (Fig. 1) N-1 = 15 keys should be stored, whilst in the system according to the invention (Figs. 2/3) 2(2n-1) = 14 keys must be stored. The advantage of the invention, however, becomes obvious if the number of terminals exceeds 1000. If N = 10 000, then in the first case 9999 keys must be stored and in the second case only 396, i.e. a factor of 25 less.

The required storage capacity can further be reduced by increasing the number of levels ($l$). In Fig. 4 a network formed by 16 terminals is hierarchically divided into 4 levels. Each sub-group D at level $l = 1$ contains two intermediate groups, namely $C_1$ and $C_2$ at level $l = 2$, whilst each intermediate group $C_1$, $C_2$ contains two further intermediate groups, namely $B_1$ and $B_2$. Finally, the intermediate groups $B_1$, $B_2$ each contain two sub-groups, namely $A_1$ and $A_2$. In each terminal a row and a column of the key matrix of each of the (four) levels must now be stored. Since a 2 × 2 matrix is associated with each level, the number of keys to be stored is 4·3 = 12 keys instead of 15 and 14, respectively, in the system of Fig. 1 and Figs. 2/3. For large numbers the advantage is again more obvious: in the case in which N = 10 000, only 76 keys must be stored for each terminal.

Generally it holds that for a prior art network having N terminals the required key storage capacity S can be determined from

$$S = (N-1) \cdot L \text{ bits} \tag{1}$$

if no hierarchy is used, as in the system described with reference to Fig. 1, and in that case the total of the number of different keys is

$$K = \tfrac{1}{2} N (N-1) \tag{2}$$

In the system according to the invention, for the case in which the network is divided into $l$ levels ($l \geq 2$), $N_i$ sub-groups being present at level $i$, a total of

$$S_l = \sum_{i=1}^{l} (-1 + 2 N_i) \tag{3}$$

different keys must be stored for each terminal (wherein $\prod_{i=1}^{l} N_i = N$). The network has at its disposal a total of

$$K_l = \sum_{i=1}^{l} N_i^2 \tag{4}$$

different keys.

It has been found that $S_l$ is a minimum when the number of terminals for each group and the number of sub-groups per group are each chosen equal to 2. So in that case it holds that

$$l = \log_2 N; \tag{5}$$

the number of keys to be stored for each terminal amounts to

$$S_{opt} = 3 \log_2 N \tag{6}$$

and the total number of different keys amounts to:

$$K_{opt} = 4 \log_2 N \tag{7}$$

In Table I the above formulae are elaborated for a network having N = 4096 terminals. The first line in the Table relates to the prior art system; the second and further lines relate to the system according to the invention. The last line thereof indicates the hierarchic division for the case in which the minimum number of keys per terminal (36) is desired.

TABLE I
4095
254
16 93
60
42
12 2 36
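
The storage and key-derivation scheme described above, as an added Python example (not code from the patent). It assumes one key matrix per level, as with the S and G matrices of the two-level example; SHA-256 as the one-way function; and the convention that both ends pick element `m[lo][hi]` at each level. All function names are hypothetical.

```python
import hashlib
import secrets
from math import prod

KEY_BYTES = 19  # 152 bits, close to the 150-bit keys of the text's example

def digits(t, sizes):
    """Index of terminal t inside its group at each level (mixed-radix digits)."""
    out = []
    for n in reversed(sizes):
        t, d = divmod(t, n)
        out.append(d)
    return out[::-1]

def make_matrices(sizes):
    """One random n x n key matrix per level (assumption: shared across a level)."""
    return [[[secrets.token_bytes(KEY_BYTES) for _ in range(n)] for _ in range(n)]
            for n in sizes]

def provision(t, sizes, matrices):
    """Key store of terminal t: its row and its column of every level's matrix."""
    store = {}
    for lvl, (d, m) in enumerate(zip(digits(t, sizes), matrices)):
        for x in range(len(m)):
            store[(lvl, d, x)] = m[d][x]  # row d
            store[(lvl, x, d)] = m[x][d]  # column d (shares element (d, d))
    return store

def shared_elements(a, b, sizes):
    """One element per level that both ends hold (assumed convention: m[lo][hi])."""
    pairs = zip(digits(a, sizes), digits(b, sizes))
    return [(lvl, min(x, y), max(x, y)) for lvl, (x, y) in enumerate(pairs)]

def conversation_key(store, me, peer, sizes):
    """One-way combination of the shared elements (SHA-256 is an assumed choice)."""
    h = hashlib.sha256()
    for coord in shared_elements(me, peer, sizes):
        h.update(store[coord])
    return h.digest()

def outsiders_holding_key(a, b, sizes, matrices):
    """Terminals other than a and b whose own store has every element of the a-b key."""
    need = shared_elements(a, b, sizes)
    return [t for t in range(prod(sizes)) if t not in (a, b)
            and all(c in provision(t, sizes, matrices) for c in need)]
```

With `sizes = [4, 4]` each store holds 14 keys and both ends derive the same conversation key. Under these assumptions `outsiders_holding_key` returns two other terminals for that layout and none for a single flat matrix, which is the prior-art property stated for connection BC.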

Claims

1. A system for storing and distributing keys for cryptographically protected communication, the system comprising a plurality of terminals which are interconnectable, each terminal comprising a transmitter, a receiver, an enciphering and a deciphering arrangement and a memory arrangement storing the keys for enciphering the clear data to be transmitted by the terminal and deciphering of the enciphered data to be received by the terminal, characterized in that the terminals are classified in a hierarchy of groups, this hierarchy having $l$ levels ($l \geq 2$), that the first, highest level ($l = 1$) is formed by upper groups of $n_{l=1}$ terminals each, that a unique upper group key matrix is associated with each upper group and that in the memory arrangement of the $i^{th}$ terminal ($i = 1, 2, \ldots n_1$) of an upper group the $i^{th}$ column and the $i^{th}$ row of the upper group key matrix are stored, that the lowest level ($l = l_{max}$) is formed by a plurality of sub-groups each having $n_l$ terminals, that a unique lower group key matrix is associated with each lower group and that the $j^{th}$ row and the $j^{th}$ column of the relevant sub-group key matrix is stored in the memory arrangement of the $j^{th}$ terminal ($j = 1, 2, \ldots n_{l_{max}}$), that if $l > 2$ one or a plurality of intermediate levels are arranged between said highest and lowest levels, the intermediate levels each comprising a plurality of intermediate groups each having $n_l$ terminals, the intermediate groups having been obtained by dividing the groups present in the next higher level, that a unique intermediate group key matrix is associated with each intermediate group and that in the memory arrangement of the $k^{th}$ terminal of each intermediate group the $k^{th}$ column and the $k^{th}$ row of the relevant intermediate group key matrix are stored, that each terminal includes means for determining a conversation key for secret communication with any other terminal of the row and column key elements stored in the memory arrangement of the terminal, this conversation key being formed from the key elements the two terminals have in common and the conversation key containing a key element from the key matrix of each level.

2. A system for storing and distributing keys as claimed in Claim 1, characterized in that the number of upper groups amounts to 2, the number of terminals of each sub-group also amounts to 2 and that if $l > 2$, the number of intermediate groups associated with the intermediate groups next higher in hierarchy also amounts to 2.